chungyeong/dev-puppeteer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5cf9ad131a56ec1f8f3ccdc9c7339d278a843f81
dev-puppeteer/my-deepagent/src/my_deepagent/middleware/plan_mode.py
chungyeong 96c8849e2c fix(my-deepagent): v0.3 plan-conformance — 18-item gap fix across PR #2-#9 
1차 v0.3 구현 후 plan-v0.3 와 대조해 발견된 18건 누락/명세 위반을 보강.
자기 리뷰 3 라운드 (누락·미완 / 오류·엣지케이스 / 과최적화) 모두 PASS.

PR #5 plan-mode (3건):
- BLOCKED_TOOLS_IN_PLAN_MODE 에 write_todos 추가
- /plan 시 system message inject (_PLAN_MODE_SYSTEM_PROMPT)
- /approve 시 마지막 assistant 메시지를 "approved plan" system 으로 inject
- InteractiveSession._pending_system_messages 인프라 신설

PR #2 compaction (1건):
- CompactionResult.summary_text 추가, 다음 thread 첫 ainvoke 에 inject

PR #3 auto-memory (6건):
- global memory dir + bootstrap
- frontmatter name/description/type 정식 도입 + MemoryEntry/MemoryType
- _infer_memory_type (keyword heuristic, no LLM)
- _scrub_secrets (OpenRouter/Anthropic/OpenAI/AWS/Bearer redaction)
- /memory show <name> 서브명령
- /remember [--global] / /forget [--global] 스코프 토글

PR #4 skills (3건):
- project_skills_dir + 두 스코프 (global / project) merge with last-wins
- /skill <name> 본문 inject (queue_system_message) — 이전엔 REPL 출력만
- /skills show <name> 별도 서브명령

PR #6 sub-agent (4건):
- budget.py `session:<uuid>` scope + CostMiddleware 자동 전달
- resolve_root_session_id walk-up (cycle guard) + sub-agent root 에 charge
- run_subagent_to_completion 실제 ainvoke + 결과 push to parent
- /agents 서브명령 구조 (list / spawn / show) + spawn 시 parent system msg

PR #7 governance (1건):
- bootstrap_user_dirs — instructions + global/memory + skills + projects 한
  호출로 idempotent 부트스트랩

PR #8 Web GUI (1건):
- index.html → 세션 목록, runs.html (신설) → workflow archive
- conversation.html ?session=<id> deep-link

PR #9 workflow integration (2건):
- /workflow 백그라운드 WorkflowEngine.run + 진행 메시지 stream 누적
- /binding show <workflow-name[@version]> 인자 지원

테스트 (+17, 685 → 702 passed):
- test_plan_mode: write_todos 차단 + blocklist sanity
- test_memory: scrub + type 추론 + override
- test_skills: project override + find_skill + resolve_skill_sources(pk)
- test_subagents: resolve_root_session_id chain + missing fallback
- test_budget: session: scope accumulation
- test_instructions: governance bootstrap + idempotency
- test_api_static: runs.html 신설 + index.html 재구성

게이트:
- ruff check / format --check / mypy: PASS (141 source files)
- pytest -q --ignore=tests/integration/test_e2e_workflow.py
  --ignore=tests/integration/test_openrouter_smoke.py: 702 passed

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 00:03:08 +09:00

115 lines
4.5 KiB
Python
Raw Blame History

"""PlanModeMiddleware (v0.3 PR #5) — block write tools when plan-mode is active.
Claude Code's plan mode lets the user say "design this, don't write code" — the
agent can read, search, plan via `write_todos`, but cannot mutate the
filesystem or run shell commands until the user `/approve`s.
Implementation strategy:
- A callable ``is_active()`` is passed in at construction time. The REPL flips
a flag on/off via slash commands; the middleware re-reads on every tool call.
This avoids rebuilding the agent on every `/plan` / `/approve` toggle.
- When plan-mode is on and the LLM calls a blocked tool, we return a synthetic
``ToolMessage(status="error", ...)`` so the LLM sees feedback and can adjust
("ok, I'll keep planning instead"). We do NOT raise — that would crash the
turn and the user would lose the partial response.
Blocked tools (matches Claude Code's ExitPlanMode-required tool set):
- ``write_file``, ``edit_file`` — fs mutation
- ``bash`` / ``execute`` / ``run_command`` / ``shell`` — shell exec
- ``task`` — sub-agent spawn (a sub-agent could bypass plan mode)
- ``write_todos`` — todos are PART of the plan markdown. Plan-mode
forbids commits to the agent's TODO list; the user reviews the plan
first, then /approve unlocks both writes and the TODO list.
"""
from __future__ import annotations
from collections.abc import Callable
from typing import Any
from langchain.agents.middleware import AgentMiddleware
from langchain_core.messages import ToolMessage
#: Tool names that mutate the filesystem.
_FS_WRITE_TOOLS: frozenset[str] = frozenset({"write_file", "edit_file"})
#: Tool names that execute shell commands.
_SHELL_TOOLS: frozenset[str] = frozenset({"bash", "execute", "run_command", "shell"})
#: Tool names that spawn sub-agents (which would bypass plan mode in the parent).
_SUBAGENT_TOOLS: frozenset[str] = frozenset({"task"})
#: Plan-mode forbids committing to a TODO list — todos are part of the
#: plan markdown that the user reviews before /approve.
_PLANNING_TOOLS: frozenset[str] = frozenset({"write_todos"})
#: Full blocklist applied while plan mode is on.
BLOCKED_TOOLS_IN_PLAN_MODE: frozenset[str] = (
_FS_WRITE_TOOLS | _SHELL_TOOLS | _SUBAGENT_TOOLS | _PLANNING_TOOLS
)
def _block_message(tool_name: str) -> str:
return (
f"Plan-mode is active — `{tool_name}` is blocked. "
"Keep planning with read_file / glob / grep / write_todos, "
"or ask the user to `/approve` to leave plan mode."
)
class PlanModeMiddleware(AgentMiddleware):
"""Block mutating tool calls while plan-mode is active.
Construction takes an ``is_active`` callable that returns the current plan
mode state. The REPL toggles this state via slash commands without
rebuilding the agent — the middleware reads it fresh per tool call.
Tools that are read-only (``read_file``, ``glob``, ``grep``, ``ls``,
``write_todos``) are allowed in plan mode unconditionally.
"""
def __init__(self, *, is_active: Callable[[], bool]) -> None:
self._is_active = is_active
async def awrap_tool_call(self, request: Any, handler: Any) -> Any:
if not self._is_active():
return await handler(request)
name = _tool_name(request)
if name in BLOCKED_TOOLS_IN_PLAN_MODE:
return ToolMessage(
content=_block_message(name),
tool_call_id=_tool_call_id(request),
name=name,
status="error",
)
return await handler(request)
def wrap_tool_call(self, request: Any, handler: Any) -> Any:
# Sync path mirrors the async one for parity (e.g. when the agent is
# invoked synchronously in unit tests). Real REPL/Web paths are async.
if not self._is_active():
return handler(request)
name = _tool_name(request)
if name in BLOCKED_TOOLS_IN_PLAN_MODE:
return ToolMessage(
content=_block_message(name),
tool_call_id=_tool_call_id(request),
name=name,
status="error",
)
return handler(request)
def _tool_name(request: Any) -> str:
tool_call = getattr(request, "tool_call", None)
if isinstance(tool_call, dict):
return str(tool_call.get("name") or "")
return str(getattr(request, "name", "") or "")
def _tool_call_id(request: Any) -> str:
tool_call = getattr(request, "tool_call", None)
if isinstance(tool_call, dict):
return str(tool_call.get("id") or "")
return str(getattr(request, "id", "") or "")
Reference in New Issue View Git Blame Copy Permalink